66% of organisations won’t recover from a cyber attack

Resilient, an IBM company, and Ponemon Institute recently revealed the results of their annual global Cyber Resilient Organization study, the headline being that organisations remain unprepared to respond to cyber attacks. In fact, 66% of organisations are believed to be incapable of recovering from a cyber attack at all.

John Bruce, CEO and co-founder of Resilient, reiterated this point by saying: “This year’s Cyber Resilience study shows that organisations globally are still not prepared to manage and mitigate cyber attacks.”

According to 2,400 security and IT professionals from around the world, this is mainly because of the complexity of IT processes and the lack of a formal cyber security incident response plan (CSIRP). Companies with no CSIRP in place are distinctly unable to recover from a cyber attack. Worryingly, 52% of those that do have a CSIRP have either not reviewed or updated it since it was put in place, or have no set plan to do so, meaning that their CSIRP is highly likely to be out of date and ineffective.

Looking at the cyber attacks themselves, the report found that more than half (53%) of companies have suffered at least one data breach in the past two years, 74% have been compromised by malware on a frequent basis, and 64% have been compromised by phishing on a frequent basis. The report rightly concluded that, while a CSIRP is essential to overcoming a cyber attack, it is equally important to put preventive measures in place, such as anti-malware software.

The UK Government’s Cyber Essentials certification scheme seeks to help businesses prevent up to 80% of all cyber attacks by implementing five key controls: secure configuration, boundary firewalls and Internet gateways, access control, patch management, and malware protection. Marrying this with the right technology can help companies drastically reduce their vulnerability to cyber attacks.

The key findings from the study

Companies experience frequent cyber attacks that are often successful

More than half (53%) say they suffered at least one data breach in the past two years.

74% say they faced threats due to human error in the past year.

74% say they have been compromised by malware and 64% by phishing on a frequent basis over the past two years.